Overview

Authentication Process

Kerberos-secured applications can also perform this optional step, which lets the client verify the service. First, the service modifies the data in the authenticator with an algorithm known to the client. The modified authenticator is then encrypted with the session key and returned to the client. The client uses its copy of the session key to decrypt the reply and verifies that the data was modified as expected; only a service holding the session key could have produced it.

The most important aspect of this authentication protocol is that it is based on shared secrets between the Kerberos Server and each principal, that is, the user and service principals. The service principal that successfully decrypts a ticket can trust that the Kerberos Server created and encrypted the ticket, since only the server and the service principal share the key that correctly encrypted and decrypted the ticket.
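The exchange described above, as an added example that is not code from the HP-UX manual or its Kerberos implementation: the client encrypts an authenticator in the session key, the service decrypts it, applies the transform the client expects, re-encrypts the result, and the client checks it. The transform (adding one to the timestamp) and the standard-library encrypt-then-MAC cipher are assumptions standing in for Kerberos's real encryption types.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, domain-separated from the MAC by the "enc" prefix.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC under the shared session key (toy stdlib construction).
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(session_key, nonce, len(plaintext))))
    tag = hmac.new(session_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(session_key: bytes, blob: bytes) -> bytes:
    # Check the tag before decrypting; a wrong key or altered message raises ValueError.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(session_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong session key or altered message")
    return bytes(c ^ s for c, s in zip(ct, _keystream(session_key, nonce, len(ct))))


def client_authenticator(session_key: bytes, client: str, timestamp: int) -> bytes:
    # Client encrypts its principal name and a timestamp in the session key.
    return seal(session_key, f"{client}|{timestamp}".encode())


def service_reply(session_key: bytes, authenticator: bytes) -> bytes:
    # Service decrypts the authenticator, applies the transform the client expects
    # (assumed here: timestamp + 1), and returns it encrypted in the session key.
    _client, ts = unseal(session_key, authenticator).decode().split("|")
    return seal(session_key, str(int(ts) + 1).encode())


def client_verifies_service(session_key: bytes, timestamp: int, reply: bytes) -> bool:
    # Only a service that really holds the session key can produce a reply that
    # decrypts to the correctly transformed timestamp.
    try:
        return unseal(session_key, reply) == str(timestamp + 1).encode()
    except ValueError:
        return False
```

A service that does not hold the session key cannot read the authenticator at all, and a reply built under any other key, or for a different timestamp, fails the client's check.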

A user can view the tickets issued to them by running klist.

Chapter 1

HP UX Kerberos Data Security Software manual Authentication Process